Anderson defines security engineering as "building systems to remain
dependable in the face of malice, error or mischance" (p. 3). He then
spends the following 888 pages immersing the reader in just how wide
the range of "systems" actually is and the multitude of ways malice,
error and mischance can interact with them to produce results that
were at least "unintended".

The book's breadth of coverage is impressive, ranging from the
bread-and-butter subjects of security models, access control and
cryptography to more exotic topics such as bank note printing and
command and control of nuclear weapons.

Anderson successfully navigates the Scylla and Charybdis of
mind-numbing detail and superficial treatment by clearly presenting
the gist of each topic and providing extensive references (a total of
1,379 of them) for further details. An especially helpful feature is
that he concludes each chapter with a "Further reading" section that
points to recommended sources for more information. Many authors
content themselves with a bibliography that catalogues everything
anyone ever said on a subject and abandon the hapless reader to ferret
out the best place to begin exploring the conversation on a particular
subject, so these "marked trails" for navigating the topics are much
appreciated.

Structurally, the book is divided into three parts, with the first
covering the foundations (usability and psychology, protocols, access
control, etc.). Chapter 2 on "Usability and Psychology" is a
particular gem as it reminds us that adversaries can "exploit
psychology at least as much as technology" (p. 17) when attacking our
systems. Using passwords as an example, Anderson delves deeply into
why systems so often don't work as we intended when people are part of
the interface.

The second part is devoted to applications of secure systems (e.g.,
banking and bookkeeping, security printing and seals, electronic and
information warfare). Of special interest is chapter 16 on "Physical
Tamper Resistance", which gives a clear presentation of how techniques
such as "potting" (sealing devices in epoxy) are defeated. His
descriptions of "How to hack a smartcard" are both troubling and
instructive as he presents the active interplay of attack and defense
in the evolution of a technology.

The concluding part is devoted to politics, management and assurance.
Chapter 24 on "Terror, Justice and Freedom" is a must-read examination
of how the security systems we design and deploy can impinge on our
daily lives with consequences beyond their original security
objectives.

Anderson's wide experience with the topics he discusses shines
throughout the presentation and soundly grounds it in the real-world
struggle between defenders and attackers. If there is a flaw with the
book, it is the lack of a good copy-editing pass that would have
cleared up some distracting spelling errors and word confusions.

This is a book that belongs on your shelf and, more importantly, one
you should make the time to read. It counters our growing tendency to
insularity by revealing what a wide field of endeavor "security"
actually is. As noted by Bruce Schneier in the foreword, Anderson
(and Roger Needham) coined the phrase "programming Satan's computer"
as an aphorism for the difficulties faced by security professionals in
securing systems against active and innovative adversaries. Perhaps
it's not going too far to call this book the "owner's manual" for
Satan's computer.

Before beginning life as an itinerant university instructor and
security consultant, Richard Austin was the storage network security
architect for a Fortune 25 company. He welcomes your thoughts and
comments at rda7838 at Kennesaw dot edu